MIS 170 Chapter 8

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

control, safeguard and countermeasure

- control limits or constrains behavior - the other are controls that exercise restraint on or management of some activity

Countermeasure

- counters or addresses a specific threat

DRP (disaster recovery plan)

- details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations

1.3 Plan risk response

- determine responses to each risk that provide the best value

1.2 Assess risks

- determine which risks are the most serious ones -

Business Impact Analysis

- determines the extent of the impact that a particular incident would have on business operations over time - ask two questions -"what can affect the business?" -"how will it affect the business?""

Monitor and control risk response

- does this countermeasure solve this problem? - countermeasures might pose a new risk to the organization - perform certification and accreditation of countermeasure programs - follow best practices and exercise due diligence

Two key risk management principles

- dont spend more to protect an asset than it is worth - a countermeasure without a corresponding risk is a solution seeking a problem; it is difficult to justify the cost

implement the risk response plan

- either administrative or technical - detective controls -preventive controls - corrective controls

DRP

- establishes an emergency operations center as an alternate location from whick the BCP/DRP will be coordinated and implemented

BCM (business continuity management)

- includes BPB & DRP

Control

- includes both safeguards and countermeasures

1.5 Monitor and control risk responses

- measure each risk response to ensure that it is performing as expected

Incident handling

- preparation ==> identification ==> notification ==> response ==> recovery and followup ==> documentation and reporting

Qualitative Risk Analysis

- probability or likelihood - impact

Two approaches to assess risk

- quantitative: attempts to describe risk in financial terms - qualitative: ranks risk based on their probability of occurrence and impact on business operations

Plan a risk response

- reduce, transfer, accept and avoid each negative risk. - exploit, share, enhance, or accept each positive risk. `

Threat

- something (generally bad) that might happen

1.4 Implement risk response

- take action

Impact

- the amount of harm a threat exploiting a vulnerability can cause

Purpose of risk management

- to identify possible problems before something bad happens

1.1 Identify Risk

- what could go wrong? Develop scenarios for each threat to assess the threats - Methods: Brainstorming, Surveys, Interviews, Checklists

Restoring damaged systems

-

Risk Register

- Contains information on risks - Description -Expected Impact - The probability - Steps to mitigate the risk - Steps to take should event occur - Rank of risk

Steps to disaster recovery

- Ensure the safety of individuals ==> contain the damage ==> assess the damage and begin recovery operations according to the DrP and BCP

Review and test the plan

- Important to review and update the BCP regularly -checklist -structured walk-through -simulation -parallel -full interruption

Risk

- The likelihood that a particular threat will be realized against a specific vulnerability

Event

- a measurable occurrence that has an impact on the business

Disruption

- a sudden unplanned event.

Safeguard

- addresses gaps or weaknesses in controls that could lead to a realized threat

Incident

- any event that violates or threatens to violate your security policy

Vulnerability

- any exposure that could alow a threat to be realized

Calculating Quantified Risk

- calculate the asset value - calculate the exposure factor - calculate the single loss expectancy - determine how often a loss is likely to occur every year - determine annualized loss expectancy

BCP (business continuity plan)

- contains the actions needed to keep critical business processes running after a disruption

Risk management process

Identify risk ==> assess risks ==> plan risk response ==> Implement risk responses ==> Monitor and control risk responses


Kaugnay na mga set ng pag-aaral

Professionalism and Ethics Module 1The use of several sources of information to determine why a problem is occurring, who is responsible, who is affected, where the problem is located, when it occurs and what form the problem takes is __________.

View Set

Online Health Personal and Community Health

View Set

Chapter 4: Consumption, saving, and investment

View Set

american gov and politics chapter 8 on public opinion

View Set